In a storage area network (SAN), a logical unit is a set of storage on a particular array that is designed to act as a single storage unit. A logical unit number (LUN) is a unique identifier used on a bus that enables the bus to differentiate between separate devices (each of which is a logical unit). Each LUN is a unique number that identifies a specific logical unit, which may be an end user, a file, or an application program. Different hosts or servers can communicate to an array at different addresses and access, at the same time, different LUNs that are stored on the same array.
In a SAN, crucial data on one server are usually backed up using a backup server. The data backup may be accomplished by creating a snapshot LUN, which represents an exact copy of an existing LUN at a given point in time. The snapshot LUN can be accessed by the backup server and then backed up to a disk or tape. However, in a secure SAN environment, if a LUN is not specifically configured as accessible to the backup server, the LUN will not be visible to that backup server. As a result, the data backup process may be impeded.
Previous attempts to solve data backup problems have been ineffective. One attempted solution is to use less secure switch zoning. The SAN is loosely configured, which allows multiple servers (including the backup server) access to the exact same storage. Allowing access of a LUN by a server other than the one that is currently using the LUN can result in massive data loss. Thus, extreme care must be taken to configure each server to prevent data loss.
Another attempted solution is to use switch or array-based LUN security, where either the array or the switch limits the LUNs that a particular server can access. At the time of backup, the switch can be reconfigured to allow the alternate server access to the snapshot LUN. However, since backup software usually runs automatically, the backup software must have prior knowledge of the type of LUN security methods that are in place. The backup software must have knowledge of how to configure all of the LUN security methods. The backup software must be configured with a variety of usernames and passwords of accounts that are authorized to make changes to each device providing the LUN security. If the backup software is not properly configured, manual intervention is required after the creation of the snapshot LUN and before the backup takes place.
Another attempted solution uses host-based LUN security, which requires the server itself to be programmed to limit which LUNs the server is allowed to access. This self-policing solution may minimize the chances of one server accidentally affecting storage being accessed by a different server. However, for this kind of security to be effective, each server must keep a master list of which LUNs the server is allowed to access. A recently created snapshot LUN may be unknown to the master list, and needs to be discovered prior to being assigned to the backup server.